62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e

General

Target

62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
Size

72KB
MD5

0b9b9d469ac87b3efc7510a55bbc1c40
SHA1

1d9b9776424926b2096c48262ec89c08e86eaf41
SHA256

62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e
SHA512

f4e86960560ee4ab2dc9b74836e943cac2abecf84b9856367c568779a484b385772967be1abb48fd570529e45ecb7213d1d2a5cc098069543adc26194f008de7
SSDEEP

768:W7Blp9pARFbhQSox/6Sox/ME4JAIAepE4JAIAeuDlmlQPc3f6Pc3f5TGotuMOiJX:W7Z9pApQESOHepOHe8G+6E65TGA3v/

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5021) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe

description	ioc	process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\Xusage.txt.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Java\jre-1.8\bin\fontmanager.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-pl.xrm-ms.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\HintBarEllipses.16.White.png.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_KMS_Client-ppd.xrm-ms.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue II.xml.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\id.pak.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\msipc.dll.mui.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ul-phn.xrm-ms.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.DispatchProxy.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClient.resources.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\PresentationUI.resources.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SAEXT.DLL.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\tr.pak.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\TellMeRuntime.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Controls.Ribbon.resources.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN111.XML.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzmappings.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.Json.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Input.Manipulations.resources.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-180.png.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-ppd.xrm-ms.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OAuth.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorrc.dll.tmp	62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe

C:\Users\Admin\AppData\Local\Temp\62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe
"C:\Users\Admin\AppData\Local\Temp\62c685d1b7321f050b7b70470146ab980ed1dc73d9a525e8b9d7a6713c8af45e.exe"
1⤵
- Drops file in Program Files directory
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3624,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=3824 /prefetch:8
1⤵
PID:744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp
Filesize
72KB

MD5
beec3c4e2b6fdde4540ea747e84a30ec

SHA1
90301d32e0cab454c61fe58fe32a165b7dfaed1b

SHA256
54108b8229344117ce849b4fcaa734722f4ca82c79a76c9a631ce2ff6067d785

SHA512
7b1574f9f2cedca68b9df51ba5b91772e830da7b76a26e1a521f494bef270c7302f46bb40f0e9f6610536769302871516967dba5b11cca2d5b50cd2e7680d05a

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp
Filesize
185KB

MD5
faaf8a94fc349e065532d909fcfc380e

SHA1
e2be24c9c869c0adae4b40e3a09aaba05d106ff7

SHA256
81c314644340ad2addc2d654e59d0e415e6732e78a60b5d92db9a3d99f62ef87

SHA512
880154c678c23dc72692555d8229f5789e38b77086d4642a8903265b6de498ab24b022442f0a6ab549975dc2053aa5b5d924e9b8de9256a4cc3a8c984fc7b47d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads